---
title: "OIDC (OpenID Connect)"
description: "OIDC is a standard for authentication and authorization that allows you to authenticate users with an external identity provider."
sidebarTitle: "OIDC (OpenID Connect)"
icon: "key"
---

<Note>
  This feature is available in Odigos
  [`v1.0.201`](https://github.com/odigos-io/odigos/releases/tag/v1.0.201) and
  later.
</Note>

## Getting Started

To get started with OIDC, you need to configure the Odigos UI to use an external identity provider.

<Steps>
  <Step title="Create a new OIDC application in your identity provider">
    <Info>
      You can use the [Okta](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) or [Auth0](https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc) guides to create a new OIDC application.
    </Info>
    <Warning>
      Please note that the OIDC application should be configured to allow the Odigos UI to access the `Login redirect URLs`.

      - If you are using the default Odigos UI, the redirect URL should be `http://localhost:3000/auth/oidc-callback`.
      - If you are using a custom/remote UI, the redirect URL should be the URL of the Odigos UI, with the path `/auth/oidc-callback`.<br />
      For example, if you are using a remote UI at `https://my-odigos-ui.com`, the redirect URL should be `https://my-odigos-ui.com/auth/oidc-callback`.
    </Warning>

  </Step>
  <Step title="Set OIDC variables">
    You should set the OIDC values in the `odigos-config` ConfigMap. The values can be obtained from the identity provider, after creating the OIDC application.
    <Tabs>
      <Tab title="CLI">
        You can use the [`odigos config set`](/cli/odigos_config_set) command.

        ```bash
        odigos config set oidc-tenant-url <value>
        odigos config set oidc-client-id <value>
        odigos config set oidc-client-secret <value>
        ```
      </Tab>
      <Tab title="Helm">
        You can use the `Helm Values` to set the OIDC variables.

        ```yaml
        ui:
          oidcTenantUrl: <value>
          oidcClientId: <value>
          oidcClientSecret: <value>
        ```

        Alternatively, you can use the `--set` flag when installing/upgrading the Odigos Helm chart.

        ```bash
        helm repo update
        helm upgrade odigos odigos/odigos --namespace odigos-system --set ui.oidcTenantUrl=<value> --set ui.oidcClientId=<value> --set ui.oidcClientSecret=<value>
        ```
      </Tab>
    </Tabs>

  </Step>
  <Step title="Set UI remote URL (optional)">
    If you are hosting the Odigos UI on a custom/remote URL (e.g. `https://my-odigos-ui.com`), you should set the value in the `odigos-config` ConfigMap.
    <Tabs>
      <Tab title="CLI">
        You can use the [`odigos config set`](/cli/odigos_config_set) command.

        ```bash
        odigos config set ui-remote-url <value>
        ```
      </Tab>
      <Tab title="Helm">
        You can use the `Helm Values` to set the UI remote URL.

        ```yaml
        ui:
          uiRemoteUrl: <value>
        ```

        Alternatively, you can use the `--set` flag when installing/upgrading the Odigos Helm chart.

        ```bash
        helm repo update
        helm upgrade odigos odigos/odigos --namespace odigos-system --set ui.uiRemoteUrl=<value>
        ```
      </Tab>
    </Tabs>

  </Step>
</Steps>
